ACL / SDs

Luke Kenneth Casson Leighton lkcl at samba.org
Fri Feb 25 15:54:43 GMT 2000


On Fri, 25 Feb 2000, Elrond wrote:

> On Fri, Feb 25, 2000 at 04:06:24PM +1100, Luke Kenneth Casson Leighton wrote:
> [...]
> > > > for those people who may be thinking, "eh???", here's the crunch: a) the
> > > > two local SURS tables *may* contain identical lookups b) this results in
> > > > both local unix systems following the posix convention of using the same
> > > > local uids and gids to give the impression that both systems have remote
> > > > groups, and the user on both systems sees a consistent user/group
> > > > view-thing.
> > > >
> > > > you get the idea.
> > > >
> > > > anyway, this is pretty off-topic for what you wanted to discuss, tim, i
> > > > should imagine.
> > > 
> > > So, in cases where samba is a PDC we'll only need to do the lookup
> > > once (when we create the NET_USER_INFO3 struct, on login) and when we
> > 
> > yep.
> > 
> > > are domain members (etc.) we'll need to do a lookup once (when we get
> > > sent a NET_USER_INFO3 struct, on login). Ok, this was easy :-).
> > 
> > yep.
> > 
> > i think this should be a smb.conf option thing.  "obey unix local groups"
> > or "translate NET_USER_INFO3 group_rids to unix local groups".
> > 
> > we can sell this as "being faster" because you don't have to do a
> > getgroups() twice for the same user (once on the PDC, once on the domain
> > member) for the same login.
> > 
> > and hope like hell that the SURS implementation is fast :)
> 
> 
> Isn't "domain group map" good for this:

"domain user/group/alias/builtin map" is a botched attempt to provide a
consistent mapping of NT to unix, as relevant to the local unix system
[only].

that's two botched attempts, time to get it right.

luke



